Accounts for Google’s Nest line of smart home devices are now covered by the company’s Advanced Protection Program, which traditionally has provided enhanced security for journalists, politicians, elections workers, and other people who are frequently targeted by hackers.
Google rolled out APP in 2017. It requires users to have at least two physical security keys, such as those available from Yubico, Google’s Titan brand, or other providers. Typically, keys connect through USB slots or Near-field Communication or Bluetooth interfaces. Once registered, the keys provide cryptographic secrets that are unphishable and, at least theoretically, impossible to intercept through malware attacks or other types of hacking. APP also limits the apps that can connect to protected accounts, although registering Thunderbird to connect to Gmail is relatively easy.
Pulling up your account by the bootstraps
Once an account is enrolled and each device (including a phone) is authenticated through the physical-key process Google calls bootstrapping, people can use their iOS or Android devices as a security key. That’s usually easier, faster, and more convenient than using physical security keys. Typically, users must bootstrap only rarely after the bootstrapping process, such as when Google detects suspicious behavior. APP also pushes alerts to users’ devices and registered email accounts each time a new device connects.
Source: Ars Technica – Nest users now covered by Google’s ultra-secure Advanced Protection Program